[clamav-users] Is there anything to do about encrypted viruses?
Paul Kosinski
clamav-users at iment.com
Tue Dec 22 17:11:37 UTC 2020
Since the password has to be included for the victim to be able to
decrypt, it ought to be possible to automatically find the password in
the email. Of course, eventually the criminals will start hiding the
password in some way that a human can easily find it, but non-AI
automation can't.
On Tue, 22 Dec 2020 03:46:13 -0800
Al Varnell via clamav-users <clamav-users at lists.clamav.net> wrote:
> When you submit it, be sure to include the password so that the ClamAV signature team can properly assess it and provide a hash signature for the zip file.
>
> -Al-
>
> > On Dec 22, 2020, at 03:32, Alessandro Vesely via clamav-users <clamav-users at lists.clamav.net> wrote:
> >
> > Hi all,
> >
> >
> > today I received a message with an encrypted zip attachment. I saved the attachment and loaded it to VirusTotal, where no scanner detected anything:
> > https://www.virustotal.com/gui/file/2cef2c979e60c1e2892e6a494814dd65db14c2076102279e6e74737d36c115a5/detection
> >
> > Then I unzipped the file using the password given in the message text, uploaded the only extracted file and got plenty of VBA / W97M malware:
> > https://www.virustotal.com/gui/file/99b352442e1351334d5e68e7f12469dc7f2790e6ae44b05be7dcd03739211f1f/detection
> >
> > I spare reporting this malware to ClamAV, as it seems hopeless to me. Am I wrong?
> >
> >
> > Best
> > Ale
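
An added example, not part of the original thread: the approach described at the top of this message, taking candidate passwords from the message text and trying each one against the encrypted attachment so that the decrypted member can be handed to the scanner. The function names, the hint pattern and the sample body are assumptions made for illustration; Python's `zipfile` only decrypts the legacy ZipCrypto scheme.

```python
import io
import re
import zipfile
import zlib

# Constructed sample message text; the wording and the password are made up.
SAMPLE_BODY = "Hello,\nplease see the attached invoice.\nArchive password: Inv2020!\nRegards\n"

# Hypothetical hint pattern: the token that follows "password", "passcode", ...
HINT = re.compile(r"\bpass(?:word|code|phrase)?\b\s*(?:is\b|[:=])?\s*(\S+)", re.IGNORECASE)


def candidate_passwords(body):
    """Return tokens from the message text, hinted ones first, without duplicates."""
    ordered = []
    for token in HINT.findall(body) + body.split():
        # Try the token as written and with surrounding punctuation removed.
        for form in (token, token.strip(".,;:!?\"'()<>[]")):
            if form and form not in ordered:
                ordered.append(form)
    return ordered


def find_password(zip_bytes, candidates):
    """Return the candidate that decrypts the archive, or None."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        encrypted = [m for m in zf.infolist() if m.flag_bits & 0x1 and m.file_size]
        if not encrypted:
            return None  # nothing to decrypt; scan the archive as usual
        member = min(encrypted, key=lambda m: m.file_size)
        for password in candidates:
            try:
                # Reading the whole member also verifies its CRC-32, which
                # rejects wrong passwords that pass the one-byte header check.
                zf.read(member, pwd=password.encode("utf-8"))
                return password
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                continue  # wrong password
            except NotImplementedError:
                return None  # encryption or compression zipfile cannot handle
    return None


if __name__ == "__main__":
    print(candidate_passwords(SAMPLE_BODY)[:3])
```

A `None` result for an encrypted attachment is itself a useful signal for a mail filter, since it means the archive could not be inspected.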